From d3166c92ecedd004ee7df10097fd950ef6c372d1 Mon Sep 17 00:00:00 2001
From: shreddedbacon
Date: Tue, 2 Jul 2024 11:00:10 +1000
Subject: [PATCH 1/2] fix: check if user has attributes before accessing attributes
---
 services/api/src/models/user.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/services/api/src/models/user.ts b/services/api/src/models/user.ts
index ced0486678..a26338bf9b 100644
--- a/services/api/src/models/user.ts
+++ b/services/api/src/models/user.ts
@@ -184,7 +184,7 @@ export const User = (clients: {
 for (const user of users) {
 // set the lastaccessed attribute
 let date = null;
- if (user['attributes']['last_accessed']) {
+ if (user['attributes'] && user['attributes']['last_accessed']) {
 date = new Date(user['attributes']['last_accessed']*1000).toISOString()
 }
 usersWithGitlabIdFetch.push({
From 811c5ba45700a38bfff3bdf73971aaa9e5101e7b Mon Sep 17 00:00:00 2001
From: shreddedbacon
Date: Tue, 2 Jul 2024 11:26:53 +1000
Subject: [PATCH 2/2] refactor: move lastaccessed call to initial req rather than per haspermission
---
 services/api/src/apolloServer.js | 1 +
 services/api/src/util/auth.ts | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/services/api/src/apolloServer.js b/services/api/src/apolloServer.js
index 95c4e7f5bd..625ad84ddb 100644
--- a/services/api/src/apolloServer.js
+++ b/services/api/src/apolloServer.js
@@ -199,6 +199,7 @@ const apolloServer = new ApolloServer({
 currentUser = await User.User(modelClients).loadUserById(keycloakGrant.access_token.content.sub);
 // grab the users project ids and roles in the first request
 groupRoleProjectIds = await User.User(modelClients).getAllProjectsIdsForUser(currentUser.id, keycloakUsersGroups);
+ await User.User(modelClients).userLastAccessed(currentUser);
 }
 // do a permission check to see if the user is platform admin/owner, or has permission for `viewAll` on certain resources
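Review bot: In services/api/src/models/user.ts the new guard only covers a missing `attributes` object; a `last_accessed` value that is present but not a usable number still reaches `new Date(...).toISOString()`, which throws a RangeError on an invalid date. Because that call sits inside `for (const user of users)`, one malformed record would presumably fail the listing for every user rather than just leaving that user's date as null. Keep the guard and validate the date before formatting, e.g. `const d = new Date(user['attributes']['last_accessed']*1000);` then `if (!Number.isNaN(d.getTime())) { date = d.toISOString(); }`. The loop and its enclosing function start and end outside this hunk, so any error handling further up is not visible here.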
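Review bot: The added `await User.User(modelClients).userLastAccessed(currentUser);` in services/api/src/apolloServer.js now runs while the request context is being built, so if it rejects (its body is not shown here) the whole request fails over a bookkeeping write rather than a single permission check. Decide explicitly whether recording last access should fail closed or fail open; if open, wrap it as `try { await User.User(modelClients).userLastAccessed(currentUser); } catch (err) { /* log and continue */ }`. The timestamp is also now written for every request entering this branch instead of only those reaching `keycloakHasPermission`, which deserves a one-line comment above the call if `last_accessed` feeds any inactive-account review. The enclosing branch and context function begin and end outside the hunk.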
diff --git a/services/api/src/util/auth.ts b/services/api/src/util/auth.ts
index 064c162314..428b84bb0e 100644
--- a/services/api/src/util/auth.ts
+++ b/services/api/src/util/auth.ts
@@ -187,8 +187,6 @@ export const keycloakHasPermission = (grant, requestCache, modelClients, service
 currentUser: [currentUser.id]
 };
- await UserModel.userLastAccessed(currentUser);
-
 const usersAttribute = R.prop('users', attributes);
 if (usersAttribute && usersAttribute.length) {
 claims = {